Integrations
Single Sign-On
6min
single sign on (sso) allows users to use a single login across multiple enterprise applications the single sign on feature allows your team to sign in using your existing identity provider instead of an invoiced username and password setup now go to the invoiced application go to settings → team → single sign on if you do not see the single sign on tab then contact invoiced support to have this feature enabled turn on the saml enabled toggle copy over the issuer url into the issuer (identity provider entity id) field copy over the sign in url into the sign in url field copy the certificate from the identity provider and paste it into the certificate field within your identity provider follow these instructions create a new saml 2 0 application in your identity provider for invoiced copy the assertion consumer service (acs) url value from the setup info section to the application acs url field in your identity provider copy the service provider entity id / audience uri value from the setup info section to the application entity id field in your identity provider set the nameid attribute to the user's email address once the application has been configured on invoiced and in the identity provider it should be possible for users to sign in using single sign on disable other authentication methods after successfully testing that single sign on is working, you can optionally disable other authentication methods for your invoiced account when this setting is enabled users will only be able to sign into your invoiced account with single sign on and other authentication methods like username/password will not allow the user to access your invoiced account multi entity setup if you have multiple entities that you wish to sign into with single sign on then you will need to keep setting up single sign on after configuring your first entity on each invoiced entity that you wish to sign in through your identity provider, you will need to copy the same saml settings from the first entity that you setup the saml settings should match across all of your entities you do not have to do any additional configuration on your identity provider you only need to set up the invoiced application once on your identity provider for use with multi entity single sign on when a user signs in with multi entity setup, they will only have to sign in once and they will see all of the entities to which they have access in the company switcher of the invoiced app usage once single sign on is properly configured, users can sign in to invoiced from your identity provider when signing in with sso, users will only see the invoiced entities that are connected with the identity provider that they signed in with and to which they have access to it is also possible to sign in using sso from invoiced if users go to the start url in the setup info section or if users click the login with sso button on the invoiced login screen limitations when using single sign on on invoiced, it is important to know these limitations and features that are not supported just in time (jit) user provisioning is not supported new users must also be added to settings → team → users single log out (slo) is not supported system for cross domain identity management (scim) is not supported